Stuxnet Computer Virus Still Wreaking Havoc on Iranian Nuke Computers

In a way Iran is like the character Rocky from the movies. Every time the Sylvester Stallone character would be in the middle of getting the crap beaten out of him, he would scream “you ain’t so bad,” but the audience would know better because they would see the blood flying every time the poor guy would get hit.

The computers running the centrifuges enriching uranium in Iran were infected by the Stuxnet computer worm sometime last spring. As the virus has worked its way throughout the Iranian computer network, it has caused the centrifuges to speed up and slow down in ways that burn them out, causing them to break down. It is the most sophisticated cyber-weapon ever created. Scientists who have examined the worm describe it as a cyber-missile designed to penetrate advanced security systems. It targeted and took over the controls of the centrifuge systems at Iran’s uranium processing center in Natanz, and it targeted the massive turbine at the nuclear reactor in Bushehr.

Last week Iranian President Ahmadinejad, after months of denials, reluctantly admitted that the worm had penetrated Iran’s nuclear sites, but he said it was detected and controlled. His statement was like Rocky’s “You ain’t so bad!”

How do we know? Because a US site that has been studying the Stuxnet worm has been inundated with requests for information from Iran:

Eric Byres, a computer expert who has studied the worm, said his site was hit with a surge in traffic from Iran, meaning that efforts to get the two nuclear plants to function normally have failed. The web traffic, he says, shows Iran still hasn’t come to grips with the complexity of the malware that appears to be still infecting the systems at both Bushehr and Natanz.

“The effort has been stunning,” Byres said. “Two years ago American users on my site outnumbered Iranians by 100 to 1. Today we are close to a majority of Iranian users.”

He said that while there may be some individual computer owners from Iran looking for information about the virus, it was unlikely that they were responsible for the vast majority of the inquiries because the worm targeted only the two nuclear sites and did no damage to the thousands of other computers it infiltrated.

At one of the larger American web companies offering advice on how to eliminate the worm, traffic from Iran has swamped that of its largest user: the United States.

Perhaps more significantly, traffic from Tehran to the company’s site is now double that of New York City.

Ron Southworth, who runs the SCADA (the Supervisory Control and Data Access control system that the worm specifically targeted) list server, said that until two years ago he had clearly identified users from Iran, “but they all unsubscribed at about the same time.” Since the announcement of the Stuxnet malware, he said, he has seen a jump in users, but few openly from Iran. He suspects there is a cat-and-mouse game going on that involves hiding the e-mail addresses, but he said it was clear his site was being searched by a number of users who have gone to a great deal of effort to hide their country of origin.

Byres said there are a growing number of impostors signing on to Stuxnet security sites.

“I had one guy sign up who I knew and called him. He said it wasn’t his account. In another case a guy saying he was Israeli tried to sign up. He wasn’t.”

The implication, he says, is that such a massive effort is a sign of a coordinated effort.

Because it benignly hides in computers and backup systems, some scientists have claimed that there is only one way of getting rid of the virus: throw out every computer involved with the Iranian nuclear program and get new ones. Otherwise they will continually be re-infecting themselves. It is unlikely that Iran would take the time (a year or more) to take that drastic step.

No one knows for sure where the virus came from, but there is evidence that Israel is probably behind the Stuxnet worm, evidence of biblical proportions. If not Israel, maybe the virus is a sign from God. Computer scientists who are analyzing the computer worm have found a file name that seemingly refers to the Biblical Queen Esther, the heroine from the Book of Esther, the Old Testament narrative in which the Jews pre-empt a Persian plot to destroy them (ancient Persia is today’s Iran).

Wherever it came from, any virus that is slowing down Iran’s quest for nuclear weapons is doing God’s work. Now if those same people could develop a virus that could shut down WikiLeaks.
